//
// Source code recreated from a .class file by IntelliJ IDEA
// (powered by Fernflower decompiler)
//

package net.mingsoft.base.util;

import java.util.Iterator;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import net.mingsoft.base.exception.BusinessException;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

public class SqlInjectionUtil {
    private static final Logger LOG = LoggerFactory.getLogger(SqlInjectionUtil.class);
    private static final String REG = "\\b(and|exec|insert|select|drop|grant|alter|delete|update|count|chr|mid|master|truncate|char|declare|or|updatexml|extractvalue|floor|exp|linestring|multpolygon|multlinestring|multipoint|polygon|GeometryCollection|name_const|current_user|if|exists)\\b|(\\*|;|\\+|'|%)\n";
    private static final Pattern sqlPattern = Pattern.compile("\\b(and|exec|insert|select|drop|grant|alter|delete|update|count|chr|mid|master|truncate|char|declare|or|updatexml|extractvalue|floor|exp|linestring|multpolygon|multlinestring|multipoint|polygon|GeometryCollection|name_const|current_user|if|exists)\\b|(\\*|;|\\+|'|%)\n", 2);

    public SqlInjectionUtil() {
    }

    public static void filterContent(String... values) {
        String[] var1 = values;
        int var2 = values.length;

        for(int var3 = 0; var3 < var2; ++var3) {
            String value = var1[var3];
            if (value != null && !"".equals(value) && !isSqlValid(value)) {
                LOG.debug("logo error请注意，值可能存在SQL注入风险: {}", value);
                throw new BusinessException("请求地址:" + getRequestUrl() + " \n 当前操作存在sql注入风险，bad sql word:" + value);
            }
        }

    }

    public static void filterContent(Map<String, String> fields) {
        Iterator iterator = fields.keySet().iterator();

        while(iterator.hasNext()) {
            String key = iterator.next().toString();
            String value = (String)fields.get(key);
            LOG.debug("key:{} value:{}", key, value);
            filterContent(key);
            filterContent(value);
        }

    }

    public static boolean isSqlValid(String str) {
        Matcher matcher = sqlPattern.matcher(str);
        if (matcher.find() && StringUtils.isNotBlank(matcher.group())) {
            LOG.info("参数存在非法字符，请确认：" + matcher.group());
            return false;
        } else {
            return true;
        }
    }

    public static String getRequestUrl() {
        HttpServletRequest request = ((ServletRequestAttributes)RequestContextHolder.getRequestAttributes()).getRequest();
        StringBuffer requestURL = request.getRequestURL();
        return requestURL.toString();
    }
}
